Threat Hunting at Scale: How Cythera’s Latest Capabilities Enhance Security

04 Sep / 2024

We’ve recently seen a rapid evolution in the sophistication of automated cybersecurity applications and functionality. Tools such as Next Generation Firewalls (NGFWs) and Artificial Intelligence-driven Intrusion Detection Systems (AI-IDS) have rapidly transformed from simple, rule-based defences into intelligent, adaptive guardians of digital environments. While these tools offer tremendous capabilities, IBM suggests that when combined with the power of tier 1 and 2 security analysts, automated solutions can only handle around 80% of threats. The kicker here is that the remaining 20% are often more sophisticated, more challenging to detect and more capable of causing significant damage.  

With advancements in threat defence technology and awareness, a hardened attack surface has forced these advanced adversaries to adopt and rely on techniques that allow them to move faster and evade detection.  

This article looks at the current threats facing businesses across Oceania, the integral role threat hunting plays in protecting enterprises against cyber risks and how Cythera’s new always-on threat-hunting capabilities facilitate threat hunting at scale, protecting you against the other 20%.  

Rising Threats: A Surge in Cyber Attacks Across Australian Businesses 

Over the past two years, the Australian Cyber Security Centre (ACSC) has observed a marked increase in cyberattacks targeting businesses across various sectors in Australia. There has been a notable rise in identity-based and cloud-focused attacks, where adversaries leverage the systems intended to protect organisations, such as VPNs and cloud services, to gain unauthorised access.  

Additionally, attacks on critical infrastructure have surged, with state actors primarily driving these efforts. By employing sophisticated techniques to exploit vulnerabilities in connected operational technology, these attacks have been successful in disrupting essential services across ANZ.  

The Growing Danger of Interactive Intrusions 

Australia also saw a significant rise in interactive intrusions in 2023. Interactive intrusions represent a particularly sophisticated class of cyberattacks, where adversaries establish an active, persistent presence within a target network. These attacks are distinct from automated attacks in that they involve real-time human operators: hackers who interact directly with systems, using ‘hands-on-keyboard’ tactics to adapt their strategies as they move through the network.  

Key characteristics of interactive intrusions include: 

  • Manual Intervention: Attackers manually navigate the network, employing their skills and deep knowledge to bypass security controls. This hands-on approach allows them to tailor their attack methods to the specific environment, making these intrusions particularly difficult to detect.
  • Persistence: These attackers don't just strike once and leave; they aim to establish and maintain long-term access within the network. They often use advanced techniques, such as custom malware or backdoors, to remain undetected for extended periods.
  • Lateral Movement: Once inside, attackers move laterally across the network to identify and compromise additional systems. This strategic movement allows them to gather information, escalate privileges, and identify valuable targets.
  • Data Exfiltration: The ultimate goal of many interactive intrusions is to steal sensitive data, intellectual property, or credentials. This data is often exfiltrated over time to avoid detection, using techniques designed to blend in with normal network traffic.
  • Customisation: Attackers tailor their techniques to the specific defences and environment of the target organisation. This customisation makes traditional detection methods less effective, as the attack methods are explicitly designed to evade the existing security measures.

Interactive intrusions pose a significant challenge to organisations because they require advanced threat-hunting and incident-response capabilities to detect and mitigate. Traditional security tools, COTS solutions, and automated systems often fail to identify these next-level attacks, necessitating a more proactive, human-centric approach to cybersecurity. 

Living Off the Land: The Subtle Tactics of Modern Cyber Adversaries 

Adversaries are increasingly using “living off the land” tactics, leveraging stolen identities and legitimate tools already present within a network to minimise their footprint. This approach reduces the chances of triggering traditional security alerts, as the adversaries’ activities can closely mimic regular user or system administrator actions. This makes it exceptionally difficult for defenders to distinguish between malicious behaviour and everyday operations. 

Staying Ahead of Sophisticated Adversaries with Cythera 

As adversaries adopt new tactics, Cythera remains at the forefront of cybersecurity innovation. Our team has been working diligently behind the scenes to develop and enhance capabilities that keep pace with these evolving threats and stay one step ahead. Cythera’s new always-on threat-hunting capabilities are designed to counteract even the most sophisticated attacks, effectively stopping adversaries before they can get close to compromising your network. 

Our approach includes: 

  • Extended Workflow Capabilities: Cythera’s platform can orchestrate complex workflows involving various security tools, ensuring that responses are swift and contextually relevant to the threats and the specific environment of the client. 
  • Customised Alerting Systems: Unlike standard MDR services that rely on generic alert thresholds, Cythera configures alerting systems that are finely tuned to each client's operational and risk profiles, enhancing the accuracy of threat detection and reducing false positives. 
  • Dynamic Configuration and Adaptation: The ability to dynamically configure and adapt to new security challenges as they arise is a cornerstone of Cythera’s MDR service. This flexibility allows for immediate integration of new technologies and threat intelligence, ensuring clients benefit from the most up-to-date protection mechanisms. 
  • Personalised Threat Intelligence: Cythera enhances its threat detection capabilities by leveraging multiple threat intelligence sources, including the ACSC, and customising this intelligence to align with each client's specific industry sector and threat landscape. This 'herd immunity' strategy ensures all clients benefit from discoveries made across Cythera’s network. 
  • Highly Customised SLAs and Incident Response: Cythera offers SLAs tailored to each client's operational needs, providing guaranteed response times and dedicated support hours that align with the client’s business hours and security requirements. Incident response strategies are similarly customised, ranging from on-site assistance to comprehensive remote support, providing scalable solutions that grow with the client’s needs. 

Take the Next Step in Cybersecurity 

Experience the difference with Cythera’s Hu-MANaged Detection and Response service, a solution that adapts to your needs and goes beyond inflexible, one-size-fits-all MDR tools.

Schedule a demo today, and we’ll provide a free security tooling evaluation to assess your current workplace defences. As a thank you, we’re also offering an Apple AirTag or Android-compatible ‘Tile’.
